A股实时行情数据
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: a-share-real-time-data Version: 1.0.0 The skill bundle is designed to fetch China A-share stock market data using the `mootdx` library. The `SKILL.md` and `scripts/setup_and_verify.py` files clearly document and implement a monkey-patch (`tdxpy.hq.time_frame = lambda: True`) to bypass a timezone-related trading hour check in the underlying `tdxpy` library. While monkey-patching can be a risky capability, it is openly declared, explained with a clear functional justification, and limited to a specific function, not indicating malicious intent. There is no evidence of data exfiltration, persistence, unauthorized execution, or prompt injection against the agent beyond the stated purpose of fetching stock data.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running setup may install the current PyPI release of mootdx and its dependencies into the active Python environment.
The setup helper installs an external PyPI package without pinning a version. The dependency is central to the skill, but users inherit the package and dependency supply-chain risk.
subprocess.check_call([sys.executable, "-m", "pip", "install", "mootdx"])
Install in a virtual environment and consider pinning or reviewing mootdx and tdxpy versions before use.
The agent may query TDX endpoints outside normal trading-hour checks and could receive empty, stale, or unexpected results.
The script deliberately changes tdxpy's trading-hour gate so API calls are allowed even when the library would normally block them. This is disclosed for timezone handling, but it changes the upstream library's normal behavior.
tdxpy.hq.time_frame = lambda: True
Use the patch only when needed for timezone issues, and keep user control over setup, demo, and batch-query runs.